added auth

main
parent 043ac80784
commit 8d236e9ed7

@ -1,8 +1,9 @@
import { getRoom, updateRoom } from '@/db' import { getRoom, updateRoom } from '@/db'
import { getSession } from '@/db/sessions'
import type { Action } from '@/ggwp' import type { Action } from '@/ggwp'
import type { APIRoute } from 'astro' import type { APIRoute } from 'astro'
export const POST: APIRoute = async ({ params, request }) => { export const POST: APIRoute = async ({ params, request, cookies }) => {
const { id: roomId } = params const { id: roomId } = params
if (!roomId) { if (!roomId) {
return new Response('Invalid room id', { status: 400 }) return new Response('Invalid room id', { status: 400 })
@ -13,6 +14,17 @@ export const POST: APIRoute = async ({ params, request }) => {
return new Response('Room not found', { status: 404 }) return new Response('Room not found', { status: 404 })
} }
// check auth
const sid = cookies.get('sid')
if (!sid) {
return new Response('Unauthorized', { status: 401 })
}
const sessionRoom = getSession(sid.value)
if (sessionRoom !== roomId) {
return new Response('Unauthorized', { status: 401 })
}
const action = (await request.json()) as Action const action = (await request.json()) as Action
room.actions.push(action) room.actions.push(action)
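Review bot: The session check sits after the `Room not found` return at the top of this hunk, so a caller with no `sid` cookie gets 404 for an unknown room id and 401 for an existing one, which tells unauthenticated clients which rooms exist. Moving the `cookies.get('sid')` / `getSession(sid.value)` block ahead of the room lookup (which lies above the hunk) would make both cases answer 401; the POST handler in the second file has the same ordering. `getSession` is called without `await`, so if it returns a Promise the comparison `sessionRoom !== roomId` is always true and every request is rejected; confirm it is synchronous. A session bound to a different room is authenticated but not permitted, so that branch would be better as `return new Response('Forbidden', { status: 403 })`.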

@ -1,6 +1,7 @@
import { getRoom, updateRoom } from '@/db' import { getRoom, updateRoom } from '@/db'
import { addRoomUpdateListener, removeRoomUpdateListener } from '@/db/events' import { addRoomUpdateListener, removeRoomUpdateListener } from '@/db/events'
import type { RoomData } from '@/db/model' import type { RoomData } from '@/db/model'
import { getSession } from '@/db/sessions'
import type { APIRoute } from 'astro' import type { APIRoute } from 'astro'
function sseHandler(roomId: string) { function sseHandler(roomId: string) {
@ -54,7 +55,7 @@ export const GET: APIRoute = async ({ params, url }) => {
}) })
} }
export const POST: APIRoute = async ({ params, request }) => { export const POST: APIRoute = async ({ params, request, cookies }) => {
const { id: roomId } = params const { id: roomId } = params
if (!roomId) { if (!roomId) {
return new Response('Invalid room id', { status: 400 }) return new Response('Invalid room id', { status: 400 })
@ -65,6 +66,17 @@ export const POST: APIRoute = async ({ params, request }) => {
return new Response('Room not found', { status: 404 }) return new Response('Room not found', { status: 404 })
} }
// check auth
const sid = cookies.get('sid')
if (!sid) {
return new Response('Unauthorized', { status: 401 })
}
const sessionRoom = getSession(sid.value)
if (sessionRoom !== roomId) {
return new Response('Unauthorized', { status: 401 })
}
const newRoom = (await request.json()) as RoomData const newRoom = (await request.json()) as RoomData
// @ts-ignore // @ts-ignore
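Review bot: The `GET` handler in this file still destructures only `{ params, url }`, as the hunk header above the POST change shows, so the room-update stream behind `sseHandler` appears to stay readable without a session while writes now require one. If room contents are meant to be private to the session holder, GET needs the same `sid` check; if spectating is intended, a short comment on GET saying so would document the decision. The check added here is a line-for-line copy of the one in the actions route, so a single helper exported from `@/db/sessions` (for example `requireRoomSession(cookies, roomId)`, name is only a suggestion) would keep the two from drifting apart. The GET body is outside the hunk, so the first point is inferred from its signature alone.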

@ -2,7 +2,7 @@ import { createRoom, getRoom, getRooms } from '@/db'
import { createSession } from '@/db/sessions' import { createSession } from '@/db/sessions'
import type { APIRoute } from 'astro' import type { APIRoute } from 'astro'
export const POST: APIRoute = async ({ params, request, cookies }) => { export const POST: APIRoute = async ({ request, cookies }) => {
const body = await request.json() const body = await request.json()
console.log(body) console.log(body)
